• Provide hardware modified to include read-only locking mechanism

• Install cryptographic signature engine

• Modify operating system (OS) versions to notify system when a new version of the OS is in the system and boot process termination

• Modify POST

301

302

Load an OS version in its own storage partition with corresponding descriptor fields

During OS installation, hash the boot record (BR) to produce a digest using a hashing algorithm like SHA-1

303

Sign the digest using a crypto-signature engine and the OS's private installation key

304

Store resulting signature, with a field indicating that it is the current booting OS, its name and version number, in a non-volatile memory

Go to step 401 in FIG. 4

401

Await cycle of system power

402

Load the boot record (BR) from the active partition with power on self test (POST) when system is powered up

403

Decrypt the signature in the active entry in non-volatile memory using the operating system's (OS) public installation key

406

Compare the resulting signature to the hash of the BR found in the active partition on the local boot device

404

405

Boot with active OS

NO

POST compares data from the decrypting process of the alternate signature in non-volatile memory to the hash of the BR in the active partition

YES

Clear first entry from non-volatile memory

408

Move the alternate entry to the first entry

409

410

411

Halt POST, require system configuration to be corrected

If any new data exists in the third entry move it to the alternate position

413

Go to Step 401

Power up system

Perform normal power on self test (POST) functions

Read Master Boot Record (MBR) on Boot device

Find active partition in Partition Table

601

602

YES

606

607

Leave all three entries in version management table unlocked for later use by the OS loader

Boot OS in active partition

Lock the primary and alternate entries in the entry table in non-volatile memory

611

Halt booting and require system configuration to be corrected to proceed

613

Clear primary entry, move contents of alternate entry to primary entry

If third entry is valid move its contents to alternate entry

Power-up system

Perform normal power on self test (POST) functions

Read Master Boot Record (MBR) on Boot device and find active partition in partition table

705

706

707

Clear primary entry and move contents of alternate entry to primary entry

Move third entry contents to alternate entry

Mark partition represented by new primary entry as active in MBR partition table

709

Leave all three entries in version management table unlocked for later use by the OS loader

Boot operating system (OS) in active partition

Lock the primary and alternate entries in the entry table in non-volatile memory

714

Halt booting and require system configuration to be corrected to proceed

716

Clear primary entry, move contents of alternate entry to primary entry

If third entry is valid move its contents to alternate entry

Boot DOS

802

Execute FDISK

Boot Windows OS

Execute Disk Administrator

Mark alternate partition containing new OS version as active partition on boot device

805

804

Power system OFF and then back ON

Power on self test (POST) recognizes the change in the active partition by comparing signatures against the version management table

Clear primary entry, move contents of alternate entry to primary entry

Lock primary and alternate entries in table in non-volatile memory

809'

808

Boot new version of OS in active partition completing the OS switch